Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player
47686	2024-08-29 17:33	66cf329d43179_vijwe15.exe#d15 39a75882ca5f56cb35dd0634a22c2739 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Malicious Library Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 FTP Client Info Stealer VirusTotal Malware Telegram PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Windows utilities Collect installed applications suspicious process malicious URLs WriteConsoleW anti-virtualization installed browsers check Tofsee Windows Browser ComputerName DNS Software	1 Keyword trend analysis	5	3	1	15.6	M	32	ZeroCERT

47687	2024-08-29 20:58	index2.html be8764f2800cc28a19b745fd6f81dba9 AntiDebug AntiVM PNG Format MSOffice File JPEG Format VirusTotal Malware Code Injection RWX flags setting exploit crash unpack itself Windows utilities Tofsee Windows Exploit DNS crashed		1	2		4.6		22	guest

47688	2024-08-30 10:50	steam.exe 27047eb28d9fce65df74eb314965e864 Malicious Library VMProtect PE File PE64 VirusTotal Malware					1.8		23	ZeroCERT

47689	2024-08-30 10:51	66d0879618b6b_File.exe#xin bd2891236510c953d469e346d092f0c7 Malicious Library UPX PE File .NET EXE MSOffice File PE32 OS Processor Check VirusTotal Malware PDB Check memory Checks debugger unpack itself ComputerName					2.4		12	ZeroCERT

47690	2024-08-30 10:52	sreemanganshekumarsayingbutter... f3e730b297901499d743de5c1dff1e7d MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.8	M	40	ZeroCERT

47691	2024-08-30 10:53	66d0c13d2f0ed_ImpressedHub.exe 2f5226b4116ce79afb6dcb32fa647954 Suspicious_Script_Bin Generic Malware Malicious Library UPX PE File PE32 OS Processor Check VirusTotal Malware suspicious privilege Code Injection Check memory Checks debugger WMI Creates executable files unpack itself Windows utilities suspicious process AppData folder WriteConsoleW Windows ComputerName					5.6		8	ZeroCERT

47692	2024-08-30 10:55	%E8%88%9E%E8%B9%88%E5%8A%A9%E6... c0ae221773a600c3c2d2e690ddf776f1 Generic Malware Malicious Library VMProtect UPX PE File PE32 VirusTotal Malware Checks debugger unpack itself Remote Code Execution crashed					3.6	M	46	ZeroCERT

47693	2024-08-30 10:57	wemadethesuccessfullbuttersmoo... fdff090601b2ddef31b254e19bf6cb60 MS_RTF_Obfuscation_Objects RTF File doc VirusTotal Malware Malicious Traffic RWX flags setting exploit crash Tofsee Exploit DNS crashed	1 Keyword trend analysis	3	1		4.6	M	33	ZeroCERT

47694	2024-08-30 10:59	sj.exe 2100afde3e24faa6c594799dd2f5472c Generic Malware Malicious Library Downloader Malicious Packer ASPack UPX PE File DllRegisterServer dll PE32 OS Processor Check VirusTotal Malware suspicious privilege unpack itself Remote Code Execution crashed					3.0	M	44	ZeroCERT

47695	2024-08-30 10:59	66d0cd9d59f3e_vdwrg12.exe#d12 5095864caf019967467c5714897ee419 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download FTP Client Info Stealer Vidar VirusTotal Email Client Info Stealer Malware c&c PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI Creates executable files unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser Email ComputerName DNS Software crashed plugin	8 Keyword trend analysis	1	10 Info ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity	1	15.6	M	27	ZeroCERT

47696	2024-08-30 11:01	CardPWD.exe 2ae78305061a7a1491e4371e49f506f8 CoinMiner Generic Malware UPX Malicious Library PE File PE32 DLL .NET DLL OS Processor Check Malware download Dridex VirusTotal Malware Check memory Checks debugger Creates executable files ICMP traffic unpack itself AppData folder WriteConsoleW Windows	1 Keyword trend analysis	2	4		5.6	M	36	ZeroCERT

47697	2024-08-30 11:01	kdmapper_Release.exe 0b57fb7f0711c4ab650d2cf49d480a8a Gen1 Generic Malware Malicious Packer UPX PE File PE64 OS Processor Check VirusTotal Malware PDB					1.4	M	56	ZeroCERT

47698	2024-08-30 11:03	winrar.exe 1394628b42db25d5960c3ab8027b4fb4 Malicious Library VMProtect PE File PE64 VirusTotal Malware					1.8	M	21	ZeroCERT

47699	2024-08-30 11:04	66d0cda07d045_vteh15.exe#d15 ec8ca3a0426fdbf16cc1bb707bdf1ea6 Stealc Client SW User Data Stealer LokiBot ftp Client info stealer Antivirus Http API PWS HTTP Code injection Internet API AntiDebug AntiVM PE File .NET EXE PE32 Browser Info Stealer Malware download Vidar VirusTotal Malware c&c PDB MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted WMI unpack itself Collect installed applications malicious URLs sandbox evasion anti-virtualization installed browsers check Stealc Stealer Windows Browser ComputerName DNS plugin	2 Keyword trend analysis	1	5 Info ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 ET INFO Dotted Quad Host DLL Request ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	1	13.4	M	26	ZeroCERT

47700	2024-08-30 11:05	no.exe 92ffd2b619edc0df4985b45b88f308fb Malicious Library Downloader VMProtect PE File PE64 VirusTotal Malware					2.2	M	49	ZeroCERT